The proliferation of internet and mobile-connected devices, the ‘Internet of Things’, has increased network traffic volume, transmission speeds and usage on communications networks. The ubiquity of device types and connections (cellular, wireless, sensor, multi-SIM, machine-to-machine) and the expansion of usage types (voice, high-definition video, music, data) have also made it more complex to monitor and secure these networks and to conduct analysis on the traffic and content.
To accomplish this, the traffic must be instrumented (what data is moving across the network), analyzed (what is the content of the traffic), and contextualized (what are the implications of this) so a relevant decision can be made or action taken within the available window of opportunity. This is especially so in the case of time-critical security, verification, or revenue-impacting situations, and events that impact customers, operations, or machine-to-machine communication. Examples of such events include fraud occurring on mobile carrier networks, cellular zones dropping calls above an acceptable threshold, malfunctioning mobile applications or sensor devices, or malicious content or agents compromising a network.
Today, this network data is captured by a variety of network probes sitting ‘inline’ (intrusively) inside the network. Network events must first ‘complete’ (example: after a voice call is completed and goes through ‘call teardown’) before they are translated into offline database records (example: Call Detail Records, Event Detail Records). These records are extracted at regular time intervals and provided to applications in offline enterprise data centers for post-event processing and analysis.
These systems can suffer from delays of up to 15 minutes for event data to be extracted and delivered to databases. In many cases, multiple terabytes of data are written into databases, posing ‘Big Data’ analytical challenges when time-critical results are needed. The inline hardware represents significant capital expenditures. These types of systems also provide a limited ability to respond flexibly to live conditions, as the application layer is not integrated contextually within the data collection layer. Database records are not generated for some network events that may provide indications of fraud or other critical issues that must be detected.
A use case is mobile carrier fraud detection that utilizes call detail records that have been delivered to a data warehouse after the relevant network traffic or calls have been completed. Detection of fraud in this case occurs after the actual fraudulent event has occurred, and in many cases, the carrier has already incurred a financial loss. Any actions taken to remediate (example: block the caller) can only be applied the next time a relevant event appears in the network.
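
The cost of this post-event pipeline can be made concrete with a small replay, added here as an illustration and not taken from any carrier system. The caller names, the `premium-` destination prefix, the three-call blocking rule and the traffic are constructed assumptions; only the 15-minute extraction interval comes from the text above.

```python
from dataclasses import dataclass

EXTRACT_INTERVAL = 15 * 60  # seconds between CDR extractions (the text cites delays of up to 15 minutes)
THRESHOLD = 3               # assumed rule: block a caller once 3 premium-rate CDRs are on record

@dataclass(frozen=True)
class Call:
    caller: str
    dest: str
    start: int  # call setup, seconds from start of capture
    end: int    # call teardown; the CDR exists only from this point

# Constructed traffic: sub-A dials a premium number every 150 s, sub-B makes one ordinary call.
CALLS = [Call("sub-A", "premium-900", s, s + 120) for s in range(0, 1200, 150)]
CALLS.append(Call("sub-B", "local-555", 60, 400))

def at_next_extraction(teardown):
    """Batch pipeline: a CDR becomes usable at the first extraction tick at or after teardown."""
    return -(-teardown // EXTRACT_INTERVAL) * EXTRACT_INTERVAL

def at_teardown(teardown):
    """Idealised baseline: the record is usable the moment the call ends."""
    return teardown

def replay(calls, usable_at):
    """Replay calls in setup order, rejecting a setup once the rule can fire on usable records."""
    completed = []
    for call in sorted(calls, key=lambda c: c.start):
        on_record = [p for p in completed
                     if p.caller == call.caller and p.dest.startswith("premium-")
                     and usable_at(p.end) <= call.start]
        if len(on_record) < THRESHOLD:
            completed.append(call)  # nothing actionable yet, so the call goes through
    return completed

def premium_completed(calls, usable_at, caller="sub-A"):
    """Number of the caller's premium-rate calls that were allowed to complete."""
    return sum(1 for c in replay(calls, usable_at)
               if c.caller == caller and c.dest.startswith("premium-"))

if __name__ == "__main__":
    print("batch extraction:", premium_completed(CALLS, at_next_extraction))
    print("record at teardown:", premium_completed(CALLS, at_teardown))
```

Even the teardown baseline can only reject the next call setup, so a call already in progress is never affected in either mode.
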
Increasingly fast and interconnected networks are driving more activities onto mobile devices such as phones and tablets. Users are adopting everything from e-commerce to mobile health applications and mobile financial tools at a rapidly growing rate. Mobile carriers are enabling money services, similar to those services provided by traditional banks, using mobile devices to transfer electronic money, send and receive money from one device to another, and to deposit and withdraw money. This enables mobile carriers to essentially act as banks by receiving banking licenses in many parts of the world to support these mobile money transfer activities.
Just as traditional banking has a long tradition of fraud, mobile money transfers are rife with opportunities to defraud users at several levels. During the issuance and provisioning of SIM cards there is the opportunity for dishonest retail agents to sell customers phony mobile wallets and applications or to register fake accounts to earn commissions. Additionally, there are classic “socially engineered” scams to trick unsuspecting individuals out of their money by promising they've won a lottery, offering a job application for a small fee, and phishing scams. These fraud situations cost mobile carriers hard dollars in reimbursements to subscribers, regulatory compliance issues, and brand reputation damage.
Preventing mobile money transfer fraud requires the ability to deduce with a high probability whether mobile transfers are legitimate before they are allowed to complete. Unlike today's traditional retail EFT/POS systems where there is an ability to check for stolen cards or lack of funds available before the transaction is approved, there is no ability in the mobile network to undertake any level of positive identification for provisioning, transaction fidelity or identity assurance while the transaction is underway. Carrier fraud management systems analyze log records after transactions have been completed. This does not provide a capability to prevent a fraudulent transaction from occurring in the first place. Safeguarding mobile money transfers from fraud requires accessing the transaction during the transmission in order to provide an opportunity to interject an action to control the outcome of the transaction.